Marianne Bailey, a partner and cybersecurity practice lead at Guidehouse, said organizations should understand the importance of service level agreements when it comes to developing cyber incident response plans that involve third parties, InformationWeek reported Thursday.
“When you’re looking for a third-party incident response, and support agreement, you have to know what you, as a company, have the skills to do,” Bailey told the publication in an interview.
“Then you contract out for tier 2 or tier 3. They’re going to come in and provide support. Service level agreements are critical,” she added.
When asked about the factors to consider when renegotiating agreements with third-party providers, she said organizations should know the capabilities they have and need to reinforce and look for an entity that could help them develop their incident response plans.
“If you’re not getting something you need, you renegotiate. It’s going to come down to those SLAs. It’s not a very expensive endeavor to have somebody come in and help you develop your incident response plan and helping you write your SLA. So just get somebody smart to come in and help you,” she noted.
Bailey also highlighted the importance of tabletop exercises and the role of the executive team in handling and responding to cyberattacks.